What is RHSA-2026:3962?

RHSA-2026:3962 is a security advisory published by Red Hat Product Security with High severity. Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

Which CVE IDs does RHSA-2026:3962 cover?

RHSA-2026:3962 covers the following CVE IDs: CVE-2025-61140, CVE-2026-1207, CVE-2026-1287, CVE-2026-1312, CVE-2025-13465. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2026:3962?

RHSA-2026:3962 has a CVSS v3 base score of 8.8, published by Red Hat Product Security.

RHSA-2026:3962HighCVSS 8.8

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

Vendor

Red Hat Product Security

Published

March 6, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (5)

CVE-2025-61140 →CVE-2026-1207 →CVE-2026-1287 →CVE-2026-1312 →CVE-2025-13465 →

📋 Description

CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-61140 — jsonpath: jsonpath: Prototype Pollution vulnerability in the value function CVE-2026-1207 — Django: Django: SQL Injection via RasterField band index parameter CVE-2026-1287 — Django: Django: SQL Injection via crafted column aliases CVE-2026-1312 — Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()

🔗 References (9)

selfhttps://access.redhat.com/errata/RHSA-2026:3962
externalhttps://access.redhat.com/security/cve/CVE-2025-13465
externalhttps://access.redhat.com/security/cve/CVE-2025-61140
externalhttps://access.redhat.com/security/cve/CVE-2026-1207
externalhttps://access.redhat.com/security/cve/CVE-2026-1287
externalhttps://access.redhat.com/security/cve/CVE-2026-1312
externalhttps://access.redhat.com/security/updates/classification/
externalhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/release_notes/patch_releases#aap-25-20260225
selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3962.json